In defense of the realm: understanding the threats to information security

Authors:
Michael E. Whitman
Affiliations:
Computer Science and Information Systems Department, Kennesaw State University, 1000 Chastain Road MS 1101, Kennesaw, GA 30144, USA
Venue:
International Journal of Information Management: The Journal for Information Professionals
Year:
2004

Citing 19
Cited 16

Computer crime—risk management and computer security

Computers and Security
Discovering and disciplining computer abuse in organizations: a field study

MIS Quarterly
Information systems security design methods: implications for information systems development

ACM Computing Surveys (CSUR)
The effect of codes of ethics and personal denial of responsibility on computer abuse judgements and intentions

MIS Quarterly
Personal computing acceptance factors in small firms: a structural equation model

MIS Quarterly
Catapults and grappling hooks: the tools and techniques of information warfare

IBM Systems Journal
Coping with systems risk: security planning models for management decision making

MIS Quarterly
An examination of cross-national differences

ACM SIGCAS Computers and Society
Integration of computer security into the software engineering and computer science programs

Journal of Systems and Software - Special issue on software engineering education and training for the next millennium
Security, Accuracy, and Privacy in Computer Systems

Security, Accuracy, and Privacy in Computer Systems
Integrating Security into the Curriculum

Computer
Profiles of Strategic Information Systems Planning

Information Systems Research
Password security: an empirical study

Journal of Management Information Systems
Preventive and deterrent controls for software piracy

Journal of Management Information Systems
To purchase or to pirate software: an empirical study

Journal of Management Information Systems
Goals for computer security education

SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
Information systems management issues for the 1990s

MIS Quarterly
Key issues in information systems management

MIS Quarterly
Information systems security: A managerial perspective

International Journal of Information Management: The Journal for Information Professionals

A longitudinal study of information system threat categories: the enduring problem of human error

ACM SIGMIS Database
Capturing industry experience for an effective information security assessment

International Journal of Information Systems and Change Management
Protection against unauthorized access and computer crime in Norwegian enterprises

Journal of Computer Security - The Third IEEE International Symposium on Security in Networks and Distributed Systems
The near real time statistical asset priority driven (nrtsapd) risk assessment methodology

SIGITE '08 Proceedings of the 9th ACM SIGITE conference on Information technology education
Security Functional Components for Building a Secure Network Computing Environment

Information Systems Security
In a 'trusting' environment, everyone is responsible for information security

Information Security Tech. Report
User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach

Information Systems Research
Asset priority risk assessment using hidden markov models

Proceedings of the 10th ACM conference on SIG-information technology education
Towards an empirical measure for assessing public attitudes regarding government cybercrime countermeasures

Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
User participation in information systems security risk management

MIS Quarterly
A causal knowledge-based expert system for planning an Internet-based stock trading system

Expert Systems with Applications: An International Journal
Reinforcing the security of corporate information resources: A critical review of the role of the acceptable use policy

International Journal of Information Management: The Journal for Information Professionals
The information security policy unpacked: A critical study of the content of university policies

International Journal of Information Management: The Journal for Information Professionals
Institutional Influences on Information Systems Security Innovations

Information Systems Research
Do Information Security Policies Reduce the Incidence of Security Breaches: An Exploratory Analysis

Information Resources Management Journal
Determining the antecedents of digital security practices in the general public dimension

Information Technology and Management

Quantified Score

Hi-index	0.00

Visualization

Abstract

The popular press is replete with information about attacks on information systems. Viruses, worms, hackers, and employee abuse and misuse have created a dramatic need for understanding and implementing quality information security. In order to accomplish this, an organization must begin with the identification and prioritization of the threats it faces, as well as the vulnerabilities inherent in the systems and methods within the organization. This study seeks to identify and rank current threats to information security, and to present current perceptions of the level of severity these threats present. It also seeks to provide information on the frequency of attacks from these threats and the prioritization for expenditures organizations are placing in order to protect against them. The study then will compare these findings with those of previous surveys.